package gossl
import (
"crypto/tls"
"errors"
"fmt"
"net/http"
"time"
)
// https://mritd.com/2021/05/31/golang-check-certificate-expiration-time/
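// checkSSl requests https://mritd.com and reports an error when any
// certificate presented by the server has already expired or will expire
// within beforeTime. It returns nil when every presented certificate stays
// valid for at least beforeTime, and returns the client error unchanged when
// the request itself fails.
//
// Only the NotAfter date is inspected. Chain and hostname verification are
// switched off for this request, so a nil result says nothing about whether
// the certificate is trusted or belongs to the expected host.
func checkSSl(beforeTime time.Duration) error {
	c := &http.Client{
		Transport: &http.Transport{
			// An expired certificate fails normal verification, so the
			// connection can only be established with verification disabled.
			// With InsecureSkipVerify set, the peer is unauthenticated: use
			// this client for the expiry probe only and never send
			// credentials or other sensitive data through it.
			TLSClientConfig: &tls.Config{
				InsecureSkipVerify: true,
			},
		},
		// Treat the service as down when it has not answered within 10s.
		Timeout: 10 * time.Second,
	}

	resp, err := c.Get("https://mritd.com")
	if err != nil {
		return err
	}
	defer func() { _ = resp.Body.Close() }()

	// resp.TLS is nil for a response received over plain HTTP, which can
	// happen when the client follows a redirect to an http:// URL. Guard
	// against it instead of dereferencing a nil pointer below.
	if resp.TLS == nil {
		return errors.New("Website [https://mritd.com] response carries no TLS connection state")
	}

	// Take one timestamp so both checks and the reported remaining time
	// agree with each other.
	now := time.Now()

	// Walk every certificate the server presented.
	for _, cert := range resp.TLS.PeerCertificates {
		// The certificate has already expired.
		if !cert.NotAfter.After(now) {
			return fmt.Errorf("Website [https://mritd.com] certificate has expired: %s", cert.NotAfter.Local().Format("2006-01-02 15:04:05"))
		}

		// The certificate is still valid but has less than beforeTime left;
		// for example, with beforeTime = 7 days the warning starts once
		// fewer than 7 days remain.
		remaining := cert.NotAfter.Sub(now)
		if remaining < beforeTime {
			return fmt.Errorf("Website [https://mritd.com] certificate will expire, remaining time: %fh", remaining.Hours())
		}
	}
	return nil
}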